Demystifying statically linked ELF security mitigations-- with binary instrumentation techniques: Static ELF's and ASLR/RELRO mitigations

Presented at ToorCamp 2018, June 23, 2018, noon (50 minutes).

ELF executables are often statically linked for COTS binaries to avoid dependency issues and to keep things simple. After all, why not build a binary as statically linked? ASLR and RelRO (read-only relocations) are two extremely important binary mitigation techniques that are presently incompatible with statically linked binaries. This talk presents the surprisingly dangerous attack surface of statically linked executables and a solution that demonstrates working ASLR and RELRO with statically linked executables using binary instrumentation techniques. The software RelroS and static2dyn will be presented as innovative solutions that temporarily resolve these issues until the glibc developers can take the time to add the support into 'ld' and 'gcc'. During this talk, we will cover many of the intricacies of statically linked executables, the vulnerable data structures that are being used internally, and how we can instrument the ELF headers and the code in such a way that we actually get RelRO and ASLR working with static binaries.


Presenters:

  • Ryan O'Neill / elfmaster as elfmaster
    I am a computer security researcher who specializes in designing new technologies for exploitation mitigation, memory forensics, and binary protection.
